dlm: check the write size from user Return EINVAL from write if the size is larger than allowed. Do this before allocating kernel memory for the bogus size, which could lead to OOM. Reported-by: Sasha Levin <levinsasha928@gmail.com> Tested-by: Jana Saout <jana@saout.de> Signed-off-by: David Teigland <teigland@redhat.com>

commit: d4b0bcf32b946590afd29e202d6a399b84fe6c67 [log] [tgz]
author: David Teigland <teigland@redhat.com> Mon Feb 04 15:31:22 2013 -0600
committer: David Teigland <teigland@redhat.com> Mon Feb 04 15:31:22 2013 -0600
tree: ab44da9a693c1e7fd22e5f45d26e1e7742281516
parent: 6edacf05c8362f4c368991b55d85e8122cfc9a24 [diff] [blame]
diff --git a/fs/dlm/user.c b/fs/dlm/user.c
index 7ff4985..911649a 100644
--- a/fs/dlm/user.c
+++ b/fs/dlm/user.c

@@ -503,11 +503,11 @@
 #endif
 		return -EINVAL;
 
-#ifdef CONFIG_COMPAT
-	if (count > sizeof(struct dlm_write_request32) + DLM_RESNAME_MAXLEN)
-#else
+	/*
+	 * can't compare against COMPAT/dlm_write_request32 because
+	 * we don't yet know if is64bit is zero
+	 */
 	if (count > sizeof(struct dlm_write_request) + DLM_RESNAME_MAXLEN)
-#endif
 		return -EINVAL;
 
 	kbuf = kzalloc(count + 1, GFP_NOFS);
commit	d4b0bcf32b946590afd29e202d6a399b84fe6c67	[log] [tgz]
author	David Teigland <teigland@redhat.com>	Mon Feb 04 15:31:22 2013 -0600
committer	David Teigland <teigland@redhat.com>	Mon Feb 04 15:31:22 2013 -0600
tree	ab44da9a693c1e7fd22e5f45d26e1e7742281516
parent	6edacf05c8362f4c368991b55d85e8122cfc9a24 [diff] [blame]